Computerware Blog
Whaling Scams Go After Corporate Big Wigs
A strong network security solution will keep your company's data safe from hackers, unless a user is flat-out tricked. Deceiving users into opening misleading e-mails is a common scam called phishing. Most phishing e-mails are easy to spot because the message is generic, when hackers up their tactics from phishing to whaling, the digital waters can become treacherous.
Whaling is a dangerous scam because it specifically targets important people in companies, like managers and executives, with a personalized message that is tailored just for them. Since these key business leaders' computers hold very sensitive company files, and their jobs make their personal identities valuable, they are considered big fish in the world of scamming, thus the term whaling.
In fact, executive profiles are so valuable that scammers deem it worth their time to craft a personalized e-mail to the executive. These whaling messages are often very personal. A scammer will do their homework to include details like names of family members, coworkers, and hobbies. A scammer may even learn the terms and language of the company culture to be more convincing. This is all one big effort to trick execs into downloading a malware that gives hackers control of their PC, or having the manager send their personal information that can lead to identity theft.
Scammers have their sources to get a hold of such personal information. Much of it can be extracted from social media, so be careful what you post and who you let view your social media accounts. Many scammers also network with other scammers to buy and sell online profiles that contain detailed personal information. Using an identity theft tool like DeleteMe can put you in control of who has your online profile.
The whaling scam is not limited to the digital scamming arena. Scammers who participate in whaling are not below dumpster diving in order to retrieve valuable and personal information about you and your company. Scammers also like to make use of the phone; pretending to be a trusted vendor or another office in an effort to extract sensitive information the old fashioned way.
Phishing and whaling are scams that try to extract sensitive information by trickery. The best defense against scams like these is to have everybody in your company trained to know what to look for in a scam message, as well as informing everybody what are the proper and improper channels to exchange sensitive information. For example, if you receive an e-mail requesting your personal information, this is a red flag. A legitimate e-mail will never ask for you to send your information in an e-mail, but will instead direct you to a secure website like your online account that you regularly use.
Having a strong network security solution is still a valuable defense against scams. If a phishing scam prompts you to download a malicious file that is known, your antivirus solution will be able to catch it and alert you to it, saving you from yourself. If you would like know more about what to look for in a scam, or if want to set up your network with the best security solution possible like our Unified Threat Management tool, then keep yourself safe from harpoons and call Computerware at (703) 821-8200.
Comments